From 3d6ca7c54b58344d3eb2592e91ea30860b4011d7 Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Thu, 1 Apr 2021 10:07:30 -0600
Subject: [PATCH 1/8] add configurable gws
---
 chart/templates/bigbang/anchore-vs.yaml | 8 ++++++--
 chart/values.yaml | 8 ++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/chart/templates/bigbang/anchore-vs.yaml b/chart/templates/bigbang/anchore-vs.yaml
index 3a13e46..d541e57 100644
--- a/chart/templates/bigbang/anchore-vs.yaml
+++ b/chart/templates/bigbang/anchore-vs.yaml
@@ -7,7 +7,9 @@ metadata:
 namespace: {{ .Release.Namespace }}
 spec:
 gateways:
- - istio-system/main
+ {{- range .Values.istio.console.gateways }}
+ - {{ . }}
+ {{- end }}
 hosts:
 - "anchore.{{ .Values.hostname }}"
 http:
@@ -29,7 +31,9 @@ metadata:
 namespace: {{ .Release.Namespace }}
 spec:
 gateways:
- - istio-system/main
+ {{- range .Values.istio.console.gateways }}
+ - {{ . }}
+ {{- end }}
 hosts:
 - "anchore-api.{{ .Values.hostname }}"
 http:
diff --git a/chart/values.yaml b/chart/values.yaml
index c247431..bfaa577 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -5,7 +5,15 @@
 hostname: bigbang.dev
 istio:
+ # Toggle istio integration
 enabled: false
+ console:
+ # Toggle vs creation
+ enabled: true
+ annotations: {}
+ labels: {}
+ gateways:
+ - istio-system/main
 # Enable Prometheus Monitoring
 monitoring:
--
GitLab
From d605346699571de1ff13af08611cdaf704d7bf5b Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Thu, 1 Apr 2021 10:30:56 -0600
Subject: [PATCH 2/8] add configurable hosts
---
 chart/templates/bigbang/anchore-vs.yaml | 8 ++++++--
 chart/values.yaml | 3 +++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/chart/templates/bigbang/anchore-vs.yaml b/chart/templates/bigbang/anchore-vs.yaml
index d541e57..397e64c 100644
--- a/chart/templates/bigbang/anchore-vs.yaml
+++ b/chart/templates/bigbang/anchore-vs.yaml
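Review bot: The `range` over `.Values.istio.console.gateways` in the first anchore-vs.yaml hunk writes each entry unquoted and has no guard for an empty list; the second hunk (the API VirtualService) repeats the same loop. With `gateways: []` the template renders a bare `gateways:` key, and Istio documents an omitted gateway list as the reserved `mesh` gateway, so the route would silently stop being bound to the ingress gateway instead of failing the render. I would emit entries as `- {{ . | quote }}` and fail fast ahead of the loop, e.g. `{{- if empty .Values.istio.console.gateways }}{{ fail "istio.console.gateways must not be empty" }}{{- end }}`. Both `spec` blocks continue outside the hunks.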
@@ -11,7 +11,9 @@ spec:
 - {{ . }}
 {{- end }}
 hosts:
- - "anchore.{{ .Values.hostname }}"
+ {{- range .Values.istio.console.hosts }}
+ - {{ tpl . $ }}
+ {{- end }}
 http:
 - match:
 - uri:
@@ -35,7 +37,9 @@ spec:
 - {{ . }}
 {{- end }}
 hosts:
- - "anchore-api.{{ .Values.hostname }}"
+ {{- range .Values.istio.console.hosts }}
+ - {{ tpl . $ }}
+ {{- end }}
 http:
 - match:
 - uri:
diff --git a/chart/values.yaml b/chart/values.yaml
index bfaa577..07f57bf 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -14,6 +14,9 @@ istio:
 labels: {}
 gateways:
 - istio-system/main
+ hosts:
+ - "anchore.{{ .Values.hostname }}"
+ - "anchore-api.{{ .Values.hostname }}"
 # Enable Prometheus Monitoring
 monitoring:
--
GitLab
From cbdef97d31292d82bae8f9262eb581b19f959444 Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Thu, 1 Apr 2021 11:25:30 -0600
Subject: [PATCH 3/8] add configurable hosts
---
 chart/templates/bigbang/anchore-vs.yaml | 4 ++--
 chart/values.yaml | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/chart/templates/bigbang/anchore-vs.yaml b/chart/templates/bigbang/anchore-vs.yaml
index 397e64c..08cb74b 100644
--- a/chart/templates/bigbang/anchore-vs.yaml
+++ b/chart/templates/bigbang/anchore-vs.yaml
@@ -11,7 +11,7 @@ spec:
 - {{ . }}
 {{- end }}
 hosts:
- {{- range .Values.istio.console.hosts }}
+ {{- range .Values.istio.console.hosts.ui }}
 - {{ tpl . $ }}
 {{- end }}
 http:
@@ -37,7 +37,7 @@ spec:
 - {{ . }}
 {{- end }}
 hosts:
- {{- range .Values.istio.console.hosts }}
+ {{- range .Values.istio.console.hosts.api }}
 - {{ tpl . $ }}
 {{- end }}
 http:
diff --git a/chart/values.yaml b/chart/values.yaml
index 07f57bf..6b1a9f5 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -15,8 +15,10 @@ istio:
 gateways:
 - istio-system/main
 hosts:
- - "anchore.{{ .Values.hostname }}"
- - "anchore-api.{{ .Values.hostname }}"
+ ui:
+ - "anchore.{{ .Values.hostname }}"
+ api:
+ - "anchore-api.{{ .Values.hostname }}"
 # Enable Prometheus Monitoring
 monitoring:
--
GitLab
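Review bot: The host entries lose their quoting in the first anchore-vs.yaml hunk of PATCH 2/8: the removed line was a double-quoted scalar, while `- {{ tpl . $ }}` writes whatever the value expands to straight into the manifest. A wildcard host such as `*.example.com` (constructed example) would then be read by the YAML parser as an alias and break the render, so I would use `- {{ tpl . $ | quote }}`; the second hunk and the later `hosts.ui` / `hosts.api` loops need the same change. Because `tpl` evaluates every entry as a template against the root context, value overrides for `hosts` behave as template code rather than plain strings and deserve the same review as the chart templates. Both `spec` blocks continue outside the hunks.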
From 579a93ee252b36c8802937976b18402172c8f932 Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Fri, 2 Apr 2021 10:24:54 -0600
Subject: [PATCH 4/8] update keycloak doc
---
 docs/KEYCLOAK.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docs/KEYCLOAK.md b/docs/KEYCLOAK.md
index d025f9b..5b1b386 100644
--- a/docs/KEYCLOAK.md
+++ b/docs/KEYCLOAK.md
@@ -2,6 +2,8 @@
 This document summarizes helm values and manual steps that are required to integrate with Keycloak.
+**NOTE:** SSO requires an Anchore Enterprise license. To be onboarded and provided with a trial or production license, please send an email to publicsector@anchore.com including program name and contact details.
+
 ## Configuration Steps
 These are the items you need to do to configure Keycloak and Anchore for SSO in your Big Bang installation.
--
GitLab
From 01371a50895ee2b07547612f0e504f197c30064f Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Fri, 2 Apr 2021 10:44:23 -0600
Subject: [PATCH 5/8] revert chart readme back to original
---
 chart/README.md | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/chart/README.md b/chart/README.md
index 3c0e414..7c54421 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -242,21 +242,14 @@ See the anchore-engine [CHANGELOG](https://github.com/anchore/anchore-engine/blo
 A Helm post-upgrade hook job will shut down all previously running Anchore services and perform the Anchore DB upgrade process using a kubernetes job. The upgrade will only be considered successful when this job completes successfully. Performing an upgrade will cause the Helm client to block until the upgrade job completes and the new Anchore service pods are started. To view progress of the upgrade process, tail the logs of the upgrade jobs `anchore-engine-upgrade` and `anchore-enterprise-upgrade`. These job resources will be removed upon a successful helm upgrade.
-## Chart version 1.12.7
-
-* Anchore Engine image updated to v0.9.3
-* Anchore Enterprise image updated to v3.0.2 (Anchore Enterprise UI image remains at v3.0.1)
-* An [issue](https://github.com/anchore/anchore-engine/issues/950) was found that effects users of Anchore Engine 0.9.0 - 0.9.2 scanning certain Java images. A new version of anchore-engine 0.9.3 fixes the issue. Anchore Enterprise customers using Anchore Enterprise 3.0.0 or 3.0.1 should upgrade to 3.0.2.
-
-## Chart version 1.12.4
+## Chart version 1.12.0
 ---
-* Anchore Engine image updated to v0.9.2
-* Anchore Enterprise images updated to v3.0.1
+* Anchore Engine image updated to v0.9.1
+* Anchore Enterprise images updated to v3.0.0
 * Existing secrets now work for Enterprise Feeds and Enterprise UI - see [existing secrets configuration](#-Utilize-an-Existing-Secret)
 * Anchore admin default password no longer defaults to `foobar`, if no password is specified a random string will be generated.
-* Bitnami redis helm chart replaced by Big Bang redis
 ## Chart version 1.10.0
@@ -766,4 +759,4 @@ To update the number in a running configuration:
 ```bash
 helm upgrade --set anchoreAnalyzer.replicaCount=2 anchore/anchore-engine -f anchore_values.yaml
-```
+```
\ No newline at end of file
--
GitLab
From 5f18e9aa8a67a676e93295819d695c2851033f9e Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Fri, 2 Apr 2021 11:45:33 -0600
Subject: [PATCH 6/8] update docs for istio
---
 CHANGELOG.md | 2 ++
 docs/BBCHANGES.md | 13 +++++++++++++
 docs/CHART.md | 24 ++++++++++++++++++++++++
 3 files changed, 39 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2ed0a0a..c5b044b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ## [1.12.7-bb.2]
 ### Changed
 - Added secrets and jobs for automated external Postgres database creation and user/password synchronization
+- Updated virtual services and values.yaml to allow for customizable gateways and hosts
+- Updated docs around dependencies
 ## [1.12.7-bb.1]
 ### Fixed
diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md
index 2dca5c8..4f25573 100644
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -16,7 +16,20 @@ Added at the top of the values file are changes to support Istio, automated lice
 hostname: bigbang.dev
 istio:
+ # Toggle istio integration
 enabled: false
+ console:
+ # Toggle vs creation
+ enabled: true
+ annotations: {}
+ labels: {}
+ gateways:
+ - istio-system/main
+ hosts:
+ ui:
+ - "anchore.{{ .Values.hostname }}"
+ api:
+ - "anchore-api.{{ .Values.hostname }}"
 # Enable Prometheus Monitoring
 monitoring:
diff --git a/docs/CHART.md b/docs/CHART.md
index 418cd1e..2859879 100644
--- a/docs/CHART.md
+++ b/docs/CHART.md
@@ -176,6 +176,30 @@ stringData:
 password: "password"
 ```
+### Configuring Istio
+
+Istio can be configured to utilize your desired gateway(s) and host(s). To configure istio, pass the following options to the Anchore values:
+```yaml
+stringData:
+ values.yaml: |-
+ addons:
+ anchore:
+ values:
+ istio:
+ enabled: true
+ console:
+ enabled: true
+ annotations: {}
+ labels: {}
+ gateways:
+ - istio-system/
+ hosts:
+ ui:
+ - ".{{ .Values.hostname }}"
+ api:
+ - ".{{ .Values.hostname }}"
+```
+
 ### Enable SSO
 Big Bang has provided an automated way to configure SSO with Keycloak via the Helm chart. To enable and configure SSO follow the instructions in the main KEYCLOAK document.
--
GitLab
From b16fc7158f752fa86ff9a909c551496aebe3591e Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Fri, 2 Apr 2021 13:44:34 -0600
Subject: [PATCH 7/8] update istio configuration
---
 chart/templates/bigbang/anchore-vs.yaml | 8 ++++----
 chart/values.yaml | 16 +++++++++++-----
 docs/BBCHANGES.md | 16 +++++++++++-----
 docs/CHART.md | 17 ++++++++++++-----
 4 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/chart/templates/bigbang/anchore-vs.yaml b/chart/templates/bigbang/anchore-vs.yaml
index 08cb74b..06d83d5 100644
--- a/chart/templates/bigbang/anchore-vs.yaml
+++ b/chart/templates/bigbang/anchore-vs.yaml
@@ -7,11 +7,11 @@ metadata:
 namespace: {{ .Release.Namespace }}
 spec:
 gateways:
- {{- range .Values.istio.console.gateways }}
+ {{- range .Values.istio.ui.gateways }}
 - {{ . }}
 {{- end }}
 hosts:
- {{- range .Values.istio.console.hosts.ui }}
+ {{- range .Values.istio.ui.hosts }}
 - {{ tpl . $ }}
 {{- end }}
 http:
@@ -33,11 +33,11 @@ metadata:
 namespace: {{ .Release.Namespace }}
 spec:
 gateways:
- {{- range .Values.istio.console.gateways }}
+ {{- range .Values.istio.api.gateways }}
 - {{ . }}
 {{- end }}
 hosts:
- {{- range .Values.istio.console.hosts.api }}
+ {{- range .Values.istio.api.hosts }}
 - {{ tpl . $ }}
 {{- end }}
 http:
diff --git a/chart/values.yaml b/chart/values.yaml
index 6b1a9f5..398851e 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -7,7 +7,7 @@ hostname: bigbang.dev
 istio:
 # Toggle istio integration
 enabled: false
- console:
+ ui:
 # Toggle vs creation
 enabled: true
 annotations: {}
@@ -15,10 +15,16 @@ istio:
 gateways:
 - istio-system/main
 hosts:
- ui:
- - "anchore.{{ .Values.hostname }}"
- api:
- - "anchore-api.{{ .Values.hostname }}"
+ - "anchore.{{ .Values.hostname }}"
+ api:
+ # Toggle vs creation
+ enabled: true
+ annotations: {}
+ labels: {}
+ gateways:
+ - istio-system/main
+ hosts:
+ - "anchore-api.{{ .Values.hostname }}"
 # Enable Prometheus Monitoring
 monitoring:
diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md
index 4f25573..71e342b 100644
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -18,7 +18,7 @@ hostname: bigbang.dev
 istio:
 # Toggle istio integration
 enabled: false
- console:
+ ui:
 # Toggle vs creation
 enabled: true
 annotations: {}
@@ -26,10 +26,16 @@ istio:
 gateways:
 - istio-system/main
 hosts:
- ui:
- - "anchore.{{ .Values.hostname }}"
- api:
- - "anchore-api.{{ .Values.hostname }}"
+ - "anchore.{{ .Values.hostname }}"
+ api:
+ # Toggle vs creation
+ enabled: true
+ annotations: {}
+ labels: {}
+ gateways:
+ - istio-system/main
+ hosts:
+ - "anchore-api.{{ .Values.hostname }}"
 # Enable Prometheus Monitoring
 monitoring:
diff --git a/docs/CHART.md b/docs/CHART.md
index 2859879..798e2dc 100644
--- a/docs/CHART.md
+++ b/docs/CHART.md
@@ -187,17 +187,24 @@ stringData:
 values:
 istio:
 enabled: true
- console:
+ ui:
+ # Toggle vs creation
 enabled: true
 annotations: {}
 labels: {}
 gateways:
 - istio-system/
 hosts:
- ui:
- - ".{{ .Values.hostname }}"
- api:
- - ".{{ .Values.hostname }}"
+ - ".{{ .Values.hostname }}"
+ api:
+ # Toggle vs creation
+ enabled: true
+ annotations: {}
+ labels: {}
+ gateways:
+ - istio-system/
+ hosts:
+ - ".{{ .Values.hostname }}"
 ```
 ### Enable SSO
--
GitLab
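Review bot: The new `api:` block in the second values.yaml hunk is documented only by `# Toggle vs creation`, which does not say what gets created or where it is exposed. With `api.enabled: true` and the `istio-system/main` default, turning on `istio.enabled` appears to publish the Anchore API host on that gateway, so I would spell it out: `# Create the Istio VirtualService that exposes the Anchore API on the gateways listed below`, with matching wording on `ui:` in the first hunk. A comment on `hosts:` such as `# Entries are rendered through tpl, so template expressions in them are evaluated` would record the behaviour the template relies on.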
From 8ae6eef6e70a4026ba97938ffa9d311cd9821e1f Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Fri, 2 Apr 2021 14:33:52 -0600
Subject: [PATCH 8/8] fix helm conditionals
---
 chart/templates/bigbang/anchore-vs.yaml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/chart/templates/bigbang/anchore-vs.yaml b/chart/templates/bigbang/anchore-vs.yaml
index 06d83d5..bd03271 100644
--- a/chart/templates/bigbang/anchore-vs.yaml
+++ b/chart/templates/bigbang/anchore-vs.yaml
@@ -1,10 +1,18 @@
 ---
-{{- if and .Values.istio.enabled .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }}
+{{- if and .Values.istio.enabled .Values.istio.ui.enabled .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }}
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
 name: anchore-enterprise-ui-service
 namespace: {{ .Release.Namespace }}
+ {{- if .Values.istio.ui.labels }}
+ labels:
+{{ toYaml .Values.istio.ui.labels | indent 4 }}
+ {{- end }}
+ {{- if .Values.istio.ui.annotations }}
+ annotations:
+{{ toYaml .Values.istio.ui.annotations | indent 4 }}
+ {{- end }}
 spec:
 gateways:
 {{- range .Values.istio.ui.gateways }}
@@ -25,12 +33,20 @@ spec:
 host: {{ .Release.Name }}-anchore-engine-enterprise-ui
 {{- end }}
 ---
-{{- if .Values.istio.enabled }}
+{{- if and .Values.istio.enabled .Values.istio.api.enabled }}
 apiVersion: networking.istio.io/v1beta1
 kind: VirtualService
 metadata:
 name: anchore-engine-api-service
 namespace: {{ .Release.Namespace }}
+ {{- if .Values.istio.api.labels }}
+ labels:
+{{ toYaml .Values.istio.api.labels | indent 4 }}
+ {{- end }}
+ {{- if .Values.istio.api.annotations }}
+ annotations:
+{{ toYaml .Values.istio.api.annotations | indent 4 }}
+ {{- end }}
 spec:
 gateways:
 {{- range .Values.istio.api.gateways }}
--
GitLab
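Review bot: The label and annotation blocks in the first hunk place `{{ toYaml .Values.istio.ui.labels | indent 4 }}` at column 0, which breaks the visual nesting of the manifest and ties the hard-coded indent to a key that sits on a different line; the second hunk does the same for `istio.api`. Helm's usual form keeps the action indented under its key and lets `nindent` supply the newline: `{{- toYaml .Values.istio.ui.labels | nindent 4 }}`. This is a style point only, since the rendered output should be identical. Both `metadata` blocks begin inside the hunks, but the `spec` blocks continue outside them.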